DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 4/8/2009 has been entered. 

Response to Amendment 

The applicant has amended claims 8-14, 21-23, 26 and 28. Claims 8-14 and 21-29 are 
currently pending. 

Response to Arguments 

Applicant's arguments with respect to claims 8-14 and 21-29 have been considered but 
are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
Claims 8-14 and 21-29 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent Application Publication Number 2008/0134286 by Amdur et al. in view of U.S. 
Patent Number 6,072,875 to Tsudik. 

As to claim 8, Amdur teaches a method implemented in a computer-readable medium and 
for executing on a proxy server (Fig. 3 embodiment) the method for policy and attribute based 
access to a resource, comprising: receiving, at the proxy server, a session request for access to a 
resource, wherein the session request is sent from a service and includes alias identity 
information for a principal (paragraph 94, the user's login name is considered the alias or 
alternatively the biometric data in paragraph 188 can be considered an alias), wherein the alias 
identity information includes a password and a principal identification (paragraph 188 mentions 
a password and identification); mapping, by the proxy server, the alias identity information to 
identity information of the principal, the identity information associated with the true identity of 
the principal whereas the alias identity information is the password and the principal 
identification and the identity information and the true identity of the principal available to the 
proxy server but not to the service or the resource (paragraphs 95-96); authenticating, by the proxy 
server, the identity information; acquiring, by the proxy server, a service contract for the 
principal, the service, and the resource, wherein the service contract includes selective resource 
access policies and attributes which are permissibly used by the service on behalf of the principal 
(paragraphs 95-96); and establishing, by the proxy server, a session with the service, wherein the 
session is controlled by the service contract (paragraphs 95-96); however Amdur does not 
explicitly teach alias information that is randomly generated from identity information that 
identifies the true identity of the principal. 
Tsudik teaches a method wherein alias information is randomly generated from 
identity information that identifies the true identity of the principal (see abstract and 
corresponding disclosure; the encrypted identifier and password are considered randomized). 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Amdur regarding using a proxy to authenticate 
users with the teachings of Tsudik regarding randomized alias identification because such 
randomization prevents an intruder from detecting a user's identity or movements through the network. 
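To make the combined architecture concrete, the following is an added illustration written for this page; it is not code from either cited reference or from the application under examination. It models the claim 8 flow (a proxy resolves a randomly generated alias to the principal's true identity, authenticates the password, looks up a service contract, and opens a session governed by that contract) together with the claim 9, 10 and 29 features (read/write policies over selective attributes, and denial of access attempts the contract does not permit). The directory entry, the `payroll-viewer` service, the contract contents and the passwords are all constructed sample data, and the class and function names are this example's own.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the proxy never stores the cleartext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample directory (the "resource"): true identity plus confidential
# attributes. Only the proxy reads it; the service never sees the true identity.
_ALICE_SALT = b"constructed-salt"
DIRECTORY = {
    "alice": {
        "true_identity": "uid=alice,ou=people,dc=example,dc=com",  # hypothetical DN
        "salt": _ALICE_SALT,
        "password_hash": _hash_password("correct horse", _ALICE_SALT),
        "attributes": {"email": "alice@example.com", "salary": "70000"},
    }
}


@dataclass
class ServiceContract:
    """policies maps attribute -> set of operations ('read'/'write') the service may use."""
    principal: str
    service: str
    resource: str
    policies: dict
    expired: bool = False


# Constructed contract: the payroll-viewer service may only read alice's email.
CONTRACTS = [ServiceContract("alice", "payroll-viewer", "directory", {"email": {"read"}})]


class AliasTranslator:
    """Issues random aliases and maps them back to principals; the mapping lives only here."""

    def __init__(self) -> None:
        self._aliases = {}

    def issue_alias(self, principal: str) -> str:
        alias = secrets.token_hex(16)  # random: carries no information about the identity
        self._aliases[alias] = principal
        return alias

    def resolve(self, alias: str) -> Optional[str]:
        return self._aliases.get(alias)


@dataclass
class Session:
    alias: str
    service: str
    contract: ServiceContract
    denied: list = field(default_factory=list)  # audit trail of refused attempts


class PolicyProxy:
    def __init__(self, translator: AliasTranslator, contracts: list, directory: dict) -> None:
        self.translator, self.contracts, self.directory = translator, contracts, directory

    def open_session(self, service: str, alias: str, password: str) -> Optional[Session]:
        """Map alias -> principal, authenticate, acquire the contract, establish the session."""
        principal = self.translator.resolve(alias)
        if principal is None:
            return None
        record = self.directory[principal]
        if not hmac.compare_digest(_hash_password(password, record["salt"]), record["password_hash"]):
            return None
        contract = next((c for c in self.contracts
                         if c.principal == principal and c.service == service), None)
        if contract is None:
            return None
        return Session(alias, service, contract)

    def access(self, session: Session, operation: str, attribute: str, value=None):
        """Permit the operation only if the (unexpired) contract lists it for that attribute."""
        contract = session.contract
        if contract.expired or operation not in contract.policies.get(attribute, set()):
            session.denied.append((operation, attribute))
            return None
        attrs = self.directory[self.translator.resolve(session.alias)]["attributes"]
        if operation == "write":
            attrs[attribute] = value
            return True
        return attrs[attribute]


if __name__ == "__main__":
    translator = AliasTranslator()
    proxy = PolicyProxy(translator, CONTRACTS, DIRECTORY)
    alias = translator.issue_alias("alice")
    session = proxy.open_session("payroll-viewer", alias, "correct horse")
    print("alias handed to service:", alias)
    print("read email:", proxy.access(session, "read", "email"))
    print("read salary:", proxy.access(session, "read", "salary"))
    print("denied attempts:", session.denied)
```

The service only ever handles the random alias, so a compromised service or a network observer cannot tie the session back to `uid=alice`; the proxy alone holds the alias table, the password hash and the contract, and every denied attempt is recorded on the session for detection.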

As to claim 9, Amdur teaches the method of claim 8 further comprising accessing an 
identity configuration for the principal in order to acquire the selective resource access policies 
and attributes included within the service contract (paragraph 96). 

As to claim 10, Amdur teaches the method of claim 8 further comprising denying access 
attempts made by the service during the session when the access attempts are not included within 
the service contract (paragraphs 95-96). 

As to claim 11, Amdur teaches the method of claim 8 further comprising terminating the 
session when an event is detected that indicates the service contract is compromised or has 
expired (paragraphs 198-199). 

As to claim 12, Amdur teaches the method of claim 8 further comprising establishing the 
service contract with the principal prior to receiving the session request (paragraphs 95-96). 

As to claim 13, Amdur teaches the method of claim 12 further comprising reusing the 
service contract to establish one or more additional sessions with the service, wherein the one or 
more additional sessions are associated with one or more additional session requests made by the 
service (paragraphs 93-96). 
As to claim 14, Amdur teaches the method of claim 12 wherein the establishing further 
includes establishing the service contract with the principal in response to a redirection operation 
performed by a proxy that intercepts a browser request issued from the principal to the service 
for purposes of accessing the resource (paragraph 88). 

Claim 21 is rejected for the same reasoning as claim 8. 

As to claim 22, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising, permitting the service to indirectly access an 
identity store which represents the resource, and wherein the identity store includes secure 
information related to the principal (paragraphs 95-96). 

As to claim 23, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising terminating the session when the service contract 
expires or is compromised (paragraphs 198-199). 

As to claim 24, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of the mapping further includes interacting with an alias 
translator (paragraphs 95-96). 

As to claim 25, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of authentication further includes interacting with an 
identification authenticator (paragraphs 95-96). 

As to claim 26, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising managing the session by acting as an 
intermediary between the service and a legacy Lightweight Directory Access Protocol (LDAP) 
application which has access privileges to the resource (paragraphs 97-103). 

As to claim 27, Amdur teaches the policy and attribute based resource session manager of 
claim 26, wherein the receiving further includes intercepting a session request that is issued from 
the service for the legacy LDAP application, wherein the session request includes the alias 
identity information (paragraphs 97-103). 

As to claim 28, Amdur teaches the policy and attribute based resource session manager of 
claim 27 having instructions further comprising managing the session with respect to the service 
as if the policy based resource session manager were the legacy LDAP application (paragraphs 
97-103). 

As to claim 29, Amdur teaches the policy and attribute based resource session manager of 
claim 21 wherein the instructions for establishing the session further includes defining the 
selective resource access policies as at least one of a read operation and a write operation and 
defining the attributes as selective confidential data related to the principal, wherein the policies 
define operations that are permissible on the attributes, and wherein values for the attributes 
reside in the resource (paragraphs 95-96). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DOUGLAS B. BLAIR whose telephone number is (571) 272-3893. 
The examiner can normally be reached on 9:00am-5:30pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Douglas B Blair/ 

Primary Examiner, Art Unit 2442 



